CVE-2008-4096

Publication date 18 September 2008

Last updated 24 July 2024


Ubuntu priority

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Status

Package Ubuntu Release Status
phpmyadmin 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Fixed 4:2.11.8.1-1ubuntu0.1
8.04 LTS hardy
Fixed 4:2.11.3-1ubuntu1.2
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
phpmyadmin